Setting Up an SFTP Server on Linux: A Step-by-Step Guide

Linux server distributions pack a punch. They can handle whatever you throw their way. If they don’t meet your needs right out of the box, you can tweak them to fit perfectly.

Let’s talk about SFTP. It’s a file transfer service built into Secure Shell (SSH), letting you securely transfer files between your machine and the server.

Today, I’ll guide you through setting up an SFTP server. The plan is to create a user whose account is limited strictly to SFTP logins. Once you nail this down, adding more users becomes straightforward. This method will work across all Linux distributions.

Ready to dive in?

What You’ll Need
You need access to an admin account. Once you have that, let’s get started.

Create an SFTP Directory
First, we’ll set up the directory for your SFTP data. Open a terminal, switch to the root user by typing su, and enter the root password. Then run these commands:

mkdir -p /data
chmod 701 /data

Create the Group and User


Next, let’s form a dedicated group for users. Use this command:

groupadd sftp_users

We’ll create a user who belongs to this group but doesn’t have standard login privileges. You can name the user as you see fit. Here’s the command for that:

useradd -g sftp_users -d /upload -s /sbin/nologin USERNAME

Replace USERNAME with your chosen name. After that, set a password for the user:

passwd USERNAME

Create the User’s Directory
Now it’s time to create a specific upload directory for the new user and set the right permissions. Run these commands:

mkdir -p /data/USERNAME/upload
chown -R root:sftp_users /data/USERNAME
chown -R USERNAME:sftp_users /data/USERNAME/upload

Again, replace USERNAME with the name you used before.

Configure SSHD
Next, let’s edit the SSH daemon configuration file. Open it with:

nano /etc/ssh/sshd_config

At the bottom, add:

Match Group sftp_users
ChrootDirectory /data/%u
ForceCommand internal-sftp

Save the file and restart SSH (on Debian and Ubuntu the service unit is named ssh, not sshd):

systemctl restart sshd

Logging In
You’re ready to log in. From another machine with SSH installed, open a terminal and type:

sftp USERNAME@SERVER_IP

Replace USERNAME with your user name and SERVER_IP with your server’s IP address. Enter the password when prompted. After successful login, you’ll see the SFTP prompt. Type pwd to check your current directory; it should show /upload.
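
To confirm the account really is limited to SFTP, check the settings sshd resolves for it rather than only the file you edited. The script below is an added example, not part of the original guide: it reads sshd -T output and verifies the two Match-block settings, and as an extension beyond the guide it also reports the forwarding options. The function name audit_sftp_user and the sample excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the settings sshd
# resolves for one SFTP-only account. Input is "sshd -T" output: one
# "keyword value" pair per line, keywords in lower case. On the server, as root
# (USERNAME must exist so its groups resolve):
#   sshd -T -C user=USERNAME | audit_sftp_user

audit_sftp_user() (
    # Runs in a subshell, so these variables stay local to the function.
    chroot=none force=none tcp=unknown x11=unknown fails=0
    while read -r key value; do
        case "$key" in
            chrootdirectory)    chroot=$value ;;
            forcecommand)       force=$value ;;
            allowtcpforwarding) tcp=$value ;;
            x11forwarding)      x11=$value ;;
        esac
    done
    # The two settings from the guide's Match block are hard requirements.
    if [ "$chroot" = none ]; then
        echo "FAIL chrootdirectory is none: the Match block does not apply"
        fails=$((fails + 1))
    fi
    case "$force" in
        internal-sftp|internal-sftp\ *) ;;
        *) echo "FAIL forcecommand is '$force', expected internal-sftp"
           fails=$((fails + 1)) ;;
    esac
    # Beyond the guide: forwarding is configured separately from ForceCommand.
    [ "$tcp" = no ] || echo "WARN allowtcpforwarding is $tcp"
    [ "$x11" = no ] || echo "WARN x11forwarding is $x11"
    [ "$fails" -eq 0 ] && echo "OK chroot=$chroot forcecommand=$force"
    exit "$fails"
)

# Constructed "sshd -T" excerpts: the guide's Match block in effect, and an
# account that the Match block does not cover.
SAMPLE_GUIDE='chrootdirectory /data/%u
forcecommand internal-sftp
allowtcpforwarding yes
x11forwarding no'
SAMPLE_UNMATCHED='chrootdirectory none
forcecommand none
allowtcpforwarding yes
x11forwarding no'

printf '%s\n' "$SAMPLE_GUIDE" | audit_sftp_user || true
printf '%s\n' "$SAMPLE_UNMATCHED" | audit_sftp_user || true
```

To clear the warnings, add AllowTcpForwarding no and X11Forwarding no inside the Match block, and run sshd -t to validate the file before restarting the service.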

Setting up an SFTP server on Linux is straightforward and budget-friendly. You can now offer a secure way for staff and clients to manage file transfers. Enjoy the ease and security of your new server!

Enhancing Server Security and Maintenance


While the initial setup is complete, maintaining a healthy SFTP environment requires a few extra steps. Security is a moving target, and treating your server as “set and forget” can lead to vulnerabilities over time.

Monitor Your Logs


Always keep an eye on who is accessing your server. Linux stores authentication attempts in /var/log/auth.log (on Debian/Ubuntu) or /var/log/secure (on RHEL/CentOS). Regularly checking these files helps you spot failed login attempts or brute-force attacks. If you see suspicious activity, consider installing Fail2Ban. This tool automatically blocks IP addresses that show too many failed password attempts.

Manage Storage Quotas


If you have many clients uploading large files, your disk space can fill up fast. You should implement disk quotas to limit how much data each user can store. This prevents one person from accidentally crashing the server by taking up all the available space.

Keep Software Updated


Finally, always run regular system updates. Use commands like apt update && apt upgrade or dnf update weekly. Since SFTP relies on the SSH protocol, staying on the latest version ensures you have the newest security patches against hackers. These small habits turn a good server into a great, professional-grade tool.
